Submitted by heartin on Sun, 07/21/2019 - 01:50
Problem:
How to switch between 2 accounts in AWS
Solution Summary:
- Create a role with necessary permissions in Account B.
- Grant the user group in Account A permission to assume that role in Account B, providing the complete role ARN.
- Sign in as a user from the testusergroup into Account A and switch role to Account B.
Prerequisites:
You should have two different AWS accounts.
Solution Steps:
We will be giving access to the S3 bucket of Account B to Account A.
- Create a role with necessary permissions in Account B.
  - Create a policy 'Account_B_Policy' with access to the S3 buckets of the account.
  - Create a role 'Account_B_Role' by selecting the trusted entity as another AWS account. Provide the account id of Account A while selecting the trusted entity.
  - Assign the policy 'Account_B_Policy' to 'Account_B_Role'.
- Grant the user group in Account A permission to assume that role in Account B, providing the complete role ARN.
  - Create a policy 'Account_A_Policy' with the permission sts:AssumeRole and provide the ARN of 'Account_B_Role'.
  - Create a group 'Account_A_Group' and assign 'Account_A_Policy' to this group.
  - Add 'testuser' to 'Account_A_Group'.
- Sign in to Account A as a user from the testusergroup (Account_A_Group) and switch role to Account B.
  - Log in as 'testuser' to Account A.
  - At the top right, there is a dropdown next to the logged-in username where you can find the 'Switch Role' option.
  - Click 'Switch Role', provide the account id and role name, and click 'Switch Role'.
  - You will be redirected to the other AWS account, where you can perform the allowed actions.
  - You will have the option to switch back to the current test user account.
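The two policy documents these steps produce, with a check that they line up, as an added example that is not part of the original post. The account ids are constructed placeholders, and `check_pair` is a hypothetical helper that only inspects Allow statements naming sts:AssumeRole exactly; it ignores Deny statements and Condition blocks.

```python
import json

# Constructed placeholder account ids; replace with your own.
ACCOUNT_A = "111111111111"  # account where 'testuser' signs in
ACCOUNT_B = "222222222222"  # account that owns the S3 buckets
ROLE_ARN = f"arn:aws:iam::{ACCOUNT_B}:role/Account_B_Role"

def trust_policy(trusted_account):
    """Trust policy on Account_B_Role: which account may assume it."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{trusted_account}:root"},
        "Action": "sts:AssumeRole"}]}

def assume_policy(role_arn):
    """Account_A_Policy on Account_A_Group: which role may be assumed."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRole", "Resource": role_arn}]}

def _items(value):
    return value if isinstance(value, list) else [value]

def _allow_assume(policy):
    """Yield Allow statements that name sts:AssumeRole."""
    for stmt in _items(policy["Statement"]):
        actions = [a.lower() for a in _items(stmt.get("Action", []))]
        if stmt.get("Effect") == "Allow" and "sts:assumerole" in actions:
            yield stmt

def check_pair(trust, identity, caller_account, role_arn):
    """Return a list of findings; an empty list means both sides line up."""
    findings, principals, resources = [], [], []
    for stmt in _allow_assume(trust):
        p = stmt.get("Principal", {})
        principals += ["*"] if p == "*" else _items(p.get("AWS", []))
    for stmt in _allow_assume(identity):
        resources += _items(stmt.get("Resource", []))
    if "*" in principals:
        findings.append("trust policy lets any AWS principal assume the role")
    if not any(p == caller_account or f"::{caller_account}:" in p for p in principals):
        findings.append("trust policy does not name the calling account")
    if any("*" in r for r in resources):
        findings.append("identity policy uses a wildcard instead of the complete role ARN")
    elif role_arn not in resources:
        findings.append("identity policy does not name the role ARN")
    return findings

if __name__ == "__main__":
    print(json.dumps([trust_policy(ACCOUNT_A), assume_policy(ROLE_ARN)], indent=2))
    print(check_pair(trust_policy(ACCOUNT_A), assume_policy(ROLE_ARN), ACCOUNT_A, ROLE_ARN))
```

Run directly, it prints both JSON documents followed by an empty findings list for the matching pair.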